Re: [LARTC] Marking packets for shaping

From: johan@pinguind.co.id
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Marking packets for shaping
Date: Thu, 17 May 2001 10:47:59 +0000	[thread overview]
Message-ID: <marc-lartc-99009647910681@msgid-missing> (raw)
In-Reply-To: <marc-lartc-99002340108447@msgid-missing>

This is the result when I use with OUTPUT chain

150 Opening BINARY mode data connection for iproute-2.2.4-2.i386.rpm (327439
bytes).
226 Transfer complete.
327439 bytes received in 21 secs (15 Kbytes/sec)

With configuration like this

bash# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
MARK       tcp  --  fvbs.pinguind.co.id  anywhere           state RELATED,ESTABLISHED MARK set 0x1 
MARK       tcp  --  fvbs.pinguind.co.id  anywhere           tcp spt:www MARK set 0x2 

---[ eth0: configured classes ]---------------------------

class cbq 10: root rate 10Mbit (bounded,isolated) prio no-transmit
class cbq 10:2 parent 10: rate 10Mbit prio 4
class cbq 10:4 parent 10:2 leaf 8001: rate 128Kbit prio 4
class cbq 10:5 parent 10:2 leaf 8002: rate 256Kbit prio 4

---[ eth0: queueing disciplines ]-------------------------

qdisc tbf 8002: rate 256Kbit burst 10Kb lat 190.7ms 
qdisc tbf 8001: rate 128Kbit burst 10Kb lat 381.5ms 
qdisc cbq 10: rate 10Mbit (bounded,isolated) prio no-transmit


On Wed, May 16, 2001 at 07:30:57PM -0400, Ramin Alidousti wrote:
> Aren't you making any mistake here, Johan? OUTPUT chain is meant
> for the outgoing packets from the firewall itself. What Jaco is
> doing is receiving packets from the network which will never pass
> the OUTPUT chain.
> 
> Ramin
> 
> On Thu, May 17, 2001 at 06:29:00AM -0400, johan@pinguind.co.id wrote:
> 
> > I had ever met this condition
> > I change chain rule at iptables,try like this
> > 
> > iptables -I OUTPUT -t mangle -p tcp -s 0/0 -d 192.168.62.0/24 -j MARK
> > --set-mark 1
> > 
> > and it works.
> > 
> > Regards
> > 
> > Johan
> > 
> > On Wed, May 16, 2001 at 11:07:07AM -0400, Ramin Alidousti wrote:
> > > I assume that the packets come in on eth0, right? And I'm not sure
> > > if the mangle table sees the destination as 192.168.62.0/24 or as
> > > the original destination address. Try this:
> > > 
> > > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d 192.168.62.0/24 \
> > > 	-j MARK --set-mark 1
> > > 
> > > If it doesn't work, try:
> > > 
> > > iptables -A PREROUTING -t mangle -p tcp -i eth0 -d <orig dst IP's>
> > > 	-j MARK --set-mark 1
> > > 
> > > Hope it works,
> > > Ramin

-- 
             -\x1e'-      
             (o o)     
---------ooO--(_)--Ooo-------------------------------------------------
  (  )/  \( )( ) (  ) ( \( )      Visit us at http://www.pinguind.co.id
 __)(( () ))__(  /__\  )  (   Feel free to contact me at ICQ  #47240718       
(___/ \__/(_)(_)(_)(_)(_)\_)                 email:johan@pinguind.co.id          
-----------------------------------------------------------------------

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/